Figure 3-8 shows a sample architecture for high availability of a Data Center hosting web applications.
NOTE Notice that Figure 3-8 represents a logical topology and focuses on the functions provided by the network components, not on the number of devices. In an actual network, you would have to deploy redundant load balancers, multiple caches, and multiple SSL offloaders.
Chapter 4, “Data Center Design Overview,” describes the design of a fully redundant network.
Web Server Servlet Engines EJB Containers DB-Tier a
Web Server/
Servlet Engine EJB Containers DB-Tier b
Web Server Web Server IP Core or
Internet
IP Core or Internet
Application Server ApplicationServer
Application Server
Application Server ApplicationServer
Application Server
Web Server Web Server
Application Server ApplicationServer
Application Server
Figure 3-8 High Availability for Multitier Applications
The network devices provide the following services:
•
Ethernet switches (not displayed in the picture) provide server attachment to the LAN.Fibre Channel switches (not displayed in the picture) provide server attachment to the SAN.
•
The load balancer intercepts HTTP requests. If the request is for a specific application, the load balancer sends the request to the application servers; otherwise, the load balancer sends the request to the cache engines. If the request is encrypted, it is sent to the SSL offloading devices.•
Cache engines store static content and client-side scripts, thus optimizing the application servers for business-logic processing.•
SSL offloaders decrypt traffic carried on SSL, thus offloading the web and application servers from decrypting HTTPS traffic.Figure 3-8 shows the redundancy mechanisms adopted at each tier of servers.
One key design consideration is that the transient state information of the user session is kept local in the memory of the web/application server. Every time the server receives a new HTTP request from a client, it retrieves this information. Using a database to store and
Web/Application
Multitier Design Case Study 111
retrieve the session information would be extremely inefficient. The persistent information about a user, such as the orders placed by the user or the account information, should be stored on the database.
The web and application servers rely on hardware load balancing as the high-availability mechanism. You can configure hardware load balancing for session persistence to ensure that a client is consistently assigned to a given web/application server during a user session.
The transient state information about the user session is available on the server that the client is assigned to. You can find more information about session persistence by reading Chapters 18 and 19.
TIP Session persistence for web applications is a performance optimization. A design that does not require session persistence consists of sharing the transient state information among web and application servers by saving this information in a shared folder or writing to a database.
Client requests could then be assigned to any server, but for each request, the server would have to retrieve the information from a database, which does not scale well.
High availability between the web/application server and the server that hosts the object components (such as the EJB container) is provided by software-based load balancing.
High availability for the database servers is based on clustering. The database servers are attached to the Ethernet network and to the Fibre Channel network. A DWDM device allows the extension of the cluster across Data Centers.
Security
In multitier application environments, each tier of servers should communicate to another tier of servers via a firewall. The purpose is to isolate compromised servers to prevent the propagation of an attack.
Figure 3-9 shows the logical topology of a multitier server farm with firewalls between each tier. Figure 3-9 also shows the presence of IDS sensors with signatures appropriately tuned for each tier.
The physical topology for the application environment described in Figure 3-9 would consist of a fully redundant topology (such as the one described in Chapter 4), where server farms are segregated by VLANs. (For more information on VLANs, read Chapter 12.) Figure 3-10 clarifies by presenting a physical topology.
Figure 3-9 Security for Multitier Applications
Figure 3-10 Physical Topology for the Attachment of Security Devices
Web Server Web Server
Application Server ApplicationServer
Application Server
Application Server ApplicationServer
Application Server
Web-Tier Servlet Engines EJB Containers DB-Tier
Enterprise Campus Core
Aggregation Layer
Front End or Access Layer
Firewall IDS Sensor Layer 2 Switches
Layer 3 Switches
Web/App Servers Database Servers
Summary 113
All the servers—web and application servers, component servers, database servers—are attached to the same LAN infrastructure and segregated by VLANs.
Instead of having separate physical firewalls between each server farm, the physical topology uses a single pair of firewalls that route between VLANs. Similarly, you would not have one IDS sensor per server-farm segment on a single device configured to monitor all the server-farm VLANs. You would be using multiple IDS devices if the amount of traffic to monitor exceeds the capacity of a single IDS device.
Summary
The network design of a Data Center is driven by the architecture of the application that needs to be supported. Understanding the application environments used today makes it easier to design the network to provide application high availability and security.
The two main software architectures used today are Sun J2EE and Microsoft .NET. Their respective client-side technologies include JavaScript, applets, and ActiveX components.
Their respective server-side technologies include Java servlets and ASP.
Today’s applications, whether developed in-house or commercially, are typically based either on the J2EE or the .NET architecture. These architectures let you build multitier applications. Multitier architectures require specific choices in terms of high availability:
some server tiers rely on hardware load balancing, and other server tiers use clustering.
You can apply hardware load balancing to a multitude of servers. It is typically necessary to perform hardware load balancing for web and application servers, DNS servers, RADIUS servers, and streaming servers. Session persistence is necessary to optimize the servers’ performance.
You use clustering to achieve high availability in the deployment of SANs. If the cluster is extended geographically, you need to evaluate the requirements of the applications that write the data as well as the software that performs data replication. These requirements are typically expressed in terms of latency and throughput. The requirements decide the transport technology and the distance between redundant Data Centers.
The security design of the Data Center consists of placing firewalls between server tiers and of opening ports based on the applications present in the Data Center. RMI, DCOM, and IIOP are typical protocols used within a Data Center. Sometimes, it is difficult to make these protocols work through a firewall; this chapter references documents that explain how to integrate the applications which use these protocols with the firewalls.
Another aspect of the security design consists of enabling IDS signatures in the Data Center and at the Internet Edge. The IDS sensors closer to the servers should capture attacks relat-ed to the specific operating systems and application architecture of the server farm. If the
server farm is based on the .NET architecture, you should enabled signatures for IIS vul-nerabilities; if the server farm is based on J2EE software, you should enable signatures for attacks that exploit servlets, JSP, and Java-based technologies in general.
For Further Reading
Britton, Chris. IT Architectures and Middleware: Strategies for Building Large, Integrated Systems. Addison Wesley, 2000.
Deitel, Harvey, Paul Deitel, and Tem Nieto. Internet & World Wide Web: How to Program.
Prentice Hall, 2001.
This chapter covers the following topics: